Information Security Management Systems

ISO 27001, the Information Security Management system confirms your commitment to a customer focussed process of improvement that supports business growth and profitability. The standard is built on proven business principles which are set out in a logical ‘Plan-Do-Review’ cycle.

When Spedan Consultants work with you, they will help you understand and implement a culture of continual improvement.

Your system will be completely bespoke to your Organisation, which ensures that your business objectives are addressed.

We are recognised by BSi and NQA as Associate Consultants and can work with you to choose your Certification Body, who will ultimately audit your systems to award your ISO 27001 Certificate.

We offer a full support programme of face to face consultancy, training, and our unique Online Knowledge Base.

Whatever your aims or requirements, we can develop a programme that fits your budget and aspirations.

To help guide your planning, we’ve laid out the four most common types of support that we can offer.

Choose your service from the options in the image below.

What our customers say

We needed to develop an Information Security system to win a contract
We are a small business and were worried about the amount of additional paperwork that could be added with an Information Security business. The guys at Spedan really helped us to understand the requirements. We tightened up some issues which we hadn’t considered, and integrated the ISMS with our Quality systems. Now we’re on top of it, and our customers are very happy.

Greg Giddings, Send and Receive

Gap Analysis

If you need to set up a management system, we can help you to plan your project. Our Gap Analysis will identify exactly what you need to do and
ensure that you focus your resources correctly. Perfect if you are aiming
to do the work yourself, or carrying out a feasibility study!

Our experience with ISO 27001 shows that most businesses are unaware of the legal issues and necessary management practices that are needed to ensure good ISMS performance. Even fewer will have explored the opportunities open to them to improve ISMS performance to gain a competitive advantage.

We will review your existing management practices to identify where these meet the requirements of ISO 27001:2013. We will be able to identify what you need to develop and implement to meet the full requirements, and create an effective action plan for you to follow.

Your Gap Analysis will follow a bespoke programme covering all aspects of your business, including the Management and operational processes, suppliers, customers and your staff.

Benefits of a Gap Analysis

Provides clarity on your legal requirements

Provides a clear and prioritised action plan to start developing your Management System

Introduces you to the requirements and benefits of good ISMS management

Identifies how the ISMS requirements could be integrated with your Quality systems

Implementation

We will support you from the very beginning of your journey to implement an ISO 27001 management system, through the process of certification and
on going surveillance. Use our experience to make the process easy and
beneficial for your business.

We will take you through the full process of setting up an ISMS management system, onwards to
having the system Certified, and then maintaining the system into the future. We will work with you
to understand your business and ensure your ISMS system fits your business and your goals.

Our experience shows that many businesses are exposed to legal requirements, and either don’t
manage the issues adequately and if they do, don’t record or document necessary records.
Therefore, our approach ensures that existing good practice is captured and built on in your new
ISMS management system.

Depending on the level of support that you need, most implementations will take between 3 and 6 months to achieve certification. Of course, if you need things faster, we can usually facilitate this,
but let’s talk it through.

Maintain

If you have a system in place, but need additional resource to ensure that
it is effective and kept up to date, we can support you. Our bespoke
maintenance plans are designed to ensure that you maintain the key
activities of the system and ensure it adds value to your business.

We will work with you to identify routine actions such as internal audit and management review to ensure your management system is operating as you expect it to; efficiently and effectively!

On top of that, we also carry out a full review of your operations against legislation to ensure that you are meeting your compliance requirements.

We will collate your requirements and build an effective action plan to put in place the appropriate decisions and actions you make in relation to your effective ISMS management system.

Depending on the level of support you want, we can action and monitor the projects that need to take place. We can support any external audits that are made on your business; whether from a Customer or a Certification Body.